Encrypted talkgroups on control channel

mwjones

Member
Premium Subscriber
Joined
Apr 9, 2003
Messages
589
Location
Van Alstyne, TX
Is it possible to detect encrypted talkgroups (BP / EP / AES) on Motorola Connect+ systems by scanning the Control Channel?
Using DSD+ (and likely other software applications) and monitoring the control channel you will see calls appear showing "Enc Group Call", along with the channel assignment and talkgroup number, but the audio side will not follow, since that's a waste of resources (since the software can't decrypt the audio).

This is what my logs show for a P25 system (the CON+ is similar, but I don't have an example at the moment)
Code:
Freq=851.187500  NAC=22C  Enc Group call; TG=7011  RID=6483475  Ch=853.07500  2s
 

boatbod

Member
Joined
Mar 3, 2007
Messages
3,309
Location
Talbot Co, MD
Is it possible to detect encrypted talkgroups (BP / EP / AES) on Motorola Connect+ systems by scanning the Control Channel?
Some encryption algos are stronger than others and therefore the complexity to decode (either with or without the correct key) varies considerably. If something is worth protecting, it's unlikely to be secured using BP.... just saying!
 

MTL_Emergencies

Member++
Database Admin
Joined
Sep 6, 2019
Messages
108
Location
Quebec, Canada
Thanks for the answers. What I meant was if it was possible to detect directly on the control channel (of a MotoTRBO Connect+ system) if a talkgroup is encrypted.
E.g. monitoring a P25 control channel and seeing that a certain talkgroup is encrypted (but not following/decoding the voice frequency).
 

lwvmobile

DSD-FME
Joined
Apr 26, 2020
Messages
1,247
Location
Lafayette County, FL
Thanks for the answers. What I meant was if it was possible to detect directly on the control channel (of a MotoTRBO Connect+ system) if a talkgroup is encrypted.
No, only way of knowing on DMR is to get the PI header or the SVC enc bit set during full link control for the voice call (after you've tuned to it). Its not broadcast over the air on the CC or anything like a PDU. Not sure, but I suppose some software could lock these out if desired in order to limit repeat tuning to the same enc voices by internalizing which groups it has observed to be enc or similar. Unless its available in some form of Proprietary PDU data.

On P25, the only thing I'm aware of is the MFID A4 Group Regroup Explicit Encryption Command PDU. This is supposed to broadcasts which groups/supergroups are enc and which alg/key they use, but my observation is that its more of a suggestion than set in stone, as listeners on the site I've seen the PDU on (Duke Energy P25) say they've heard the groups in the PDU in the clear, regardless of what the PDU suggests.

Code:
12:41:40        P25p2 VCH 1  MAC_SIGNAL
 MFIDA4 Group Regroup Explicit Encryption Command
  SG [64605] KEY [0001] ALG [84]
  WGID [60100][EAC4] WGID [60101][EAC5]
 P25 PDU Payload
  [1C][B0][A4][0D][67][FC][5D][00][01][84][EA][C4]
  [EA][C5][08][05][88][88][88][01][AB][DE][80][00]
 
Top